In March, the Department of Homeland Security issued a rare public alert about a large-scale Russian cyber campaign targeting U.S. infrastructure. In the month that followed, it became clear that U.S. critical infrastructure sectors are facing serious cyber threats–and may not be prepared.
Fast-forwarding to today, another crack in the cybersecurity dam appeared. Tenable announced that it recently discovered a critical remote code execution vulnerability in two Schneider Electric applications used in manufacturing, oil and gas, water, automation, and wind and solar power facilities. And this one is a doozy, the company said.
“If exploited, the vulnerability could give cybercriminals complete control of the underlying system,” Tenable said in a release. “Attackers would also be able to use the compromised system to move laterally through the network, exposing additional systems to attack, including human-machine interface (HMI) clients. In a worst-case scenario, attackers could use the vulnerability to disrupt or even cripple plant operations.”
As operation technology systems within critical infrastructure facilities are modernized, they become high-value targets for cybercriminals.
“Digital transformation has made its way to critical infrastructure, connecting once-isolated systems to the outside world,” said Dave Cole, chief product officer, Tenable. “This Schneider Electric vulnerability is particularly concerning because of the potential access it grants cybercriminals looking to do serious damage to mission-critical systems that quite literally power our communities.”
Schneider Electric has released a patch to remediate the security gap. However, it is often the case that as digitization and modernization blaze forward, cybersecurity lags behind. This creates what Tenable calls a cyber exposure gap. Tenable is looking to close that gap. Tomorrow, May 3, Tenable is hosting a one-day conversation on how dynamic and metric-driven approaches to understanding cyber exposure enable digital transformation. To learn more, join Tenable and Federal agency leaders at GovEdge18 on May 3 at the JW Marriott–click here to learn more. On-site registration is available tomorrow morning.
